Analyzing a Simple Scenario

Weâ€™ve covered a lot of ground, and it can be difficult to pull all of these concepts together until youâ€™ve had an opportunity to use them. This section takes us through a simple risk scenario â€“ providing an opportunity to kick the tires, so-to-speak.

The Scenario

A Human Resources (HR) executive within a large bank has his username and password written on a sticky-note stuck to his computer monitor. These authentication credentials allow him to log onto the network and access the HR applications heâ€™s entitled to use.
Before we get started, think to yourself how youâ€™d rate the level of risk within this scenario based upon the assessments youâ€™ve seen or done in the past.

The Analysis

The simplified process weâ€™ll use in this example is comprised of ten steps in four stages: